Means and Methods to Compromise Common Hash Algorithms

Means and Methods to Compromise Common Hash Algorithms

1 C0D3 CR4CK3D: Means and Methods to Compromise Common Hash Algorithms Kevin C. Redmon, Graduate Student in Information Security, East Carolina University another way to verify our data files. Abstract — There are currently several different hashing In comes hashing as we know it today. The modern algorithms in use today. These include LM, MD5, SHA-1, and hashing algorithms are designed to help verify the integrity of SHA-2, among many others. We use these algorithms for many a data element. Yet, as our needs to verify file contents and different purposes – data fingerprinting, digital signatures, and data transmissions evolve, we continually realize that better message authentication codes. In these applications, there is one common element – the hashing algorithm takes a piece of data solutions and algorithms are needed. Better hashing that is likely bigger in size and reduces it to a shorter, “unique” algorithms are constantly in the works. However, as the past identifier, called a hash. If the data changes in a slight way, the would indicate, cryptographers and hackers alike continue to resulting hash can change quite drastically, some times impacting find issues with each successive algorithm that is released. As ~50% of the bits in the resulting hash [1]. Furthermore, to create one algorithm is broken, another is developed – so the cycle the same hash from two different data elements becomes continues. This paper will discuss the means and methods increasingly more difficult as the length of the hash increases. These algorithms and the resulting hash, were designed to used to compromise these hashing functions and ways to provide security and confidence to the user that the data is protect yourself, and your data. authentic. What happens when two different data elements create the II. HASH ALGORITHMS same hash? The entire security and usefulness of the hashing algorithm falls under scrutiny. Simply proving that a particular There are approximately fourteen major hash algorithms in hash algorithm can be compromised in our lifetime can also common use today[2]. Since some of these algorithms have create enough alarm to send cryptographers back to the drawing fallen to disuse, I chose to address those that are most often in board. Many cryptanalysts see this as a challenge - to “break the the spotlight – LM (LanManager), MD5, SHA-0/SHA-1, and unbreakable” - and dedicate their lives to break these algorithms. SHA-2. (SHA-0 and SHA-1 are closely familiar; they are In this paper, I will discuss the means and methods that often approached as a single algorithm.). I will discuss the cryptanalysts use to compromise several hash algorithms. I will cryptographic functions of each of these hashing algorithms also discuss ways to decrease the opportunity for a compromise and the key contributor to their security. of a hash or its source data. LM, also known as LanManager, is a hashing algorithm developed by Microsoft in the early 1990’s. It was first used Index Terms—Information Security, Cryptography, Hash, Cracking in their Windows 3.11 product and is not very secure [3].This particular hashing function is used to “protect” your password I. INTRODUCTION on most Windows operating systems. Despite the existence of more secure hashing algorithms, including NTLMv2 and Kerberos, Microsoft continues to support this for legacy ASHING has long been used as a means to verify data reasons. This algorithm is as follows [4]: H elements. Parity bits were originally used to confirm that 1. Convert the user’s password to uppercase. a data transmission was received correctly and helped to 2. Either null-pad the password or truncate to 14 detect any single-bit errors. However, parity didn’t add any bytes/characters. value if multiple bits in the data had errors. As a result, a 3. Split the resulting password into 7-byte halves. second trend then came about called CRC – Cyclic 4. Create two DES keys, using the two 7-byte halves as Redundancy Checks. These CRCs, based on polynomials, inputs. were used to detect errors in the data elements via a hash. 5. Each of these keys are used to DES-encrypt the Although this approach is more robust than parity bits, constant “KGS!@#$%”, resulting in two 8-byte weaknesses in this algorithm also came to pass. A user could ciphertext values. modify a file and easily sculpt the file’s contents to create the 6. Concatenate these two ciphertext values to form a same CRC as the original file [5]. As such, we needed 16-byte value – this is the LM Hash. The weaknesses in this algorithm are many. First and Manuscript received July 17th, 2006. foremost, the hash is case-insensitive. Secondly, the character Kevin Redmon is a Graduate Student studying Information Security at East set is limited to 142 characters. Finally, and the issue that is Carolina University, East Fifth Street, Greenville, NC 27858 USA (e-mail: [email protected]). 2 most exploited is the hash is broken down into two 7-byte With each of these algorithms, I will address some of their chunks. The best security for this hashing algorithm will be to uses, types of attacks, and ways to protect your data from keep the resulting hash out of the hands of unauthorized compromise while using the algorithm in question. people. The second algorithm that I’d like to discuss is MD5 III. USES OF HASHING (Message Digest algorithm 5). This hashing function was Hashes are used for many different reasons. As I created by Ronald Rivest, an MIT professor, in 1991 as a mentioned in the introduction above, hashing, in its simplest successor to MD4 [1,6]. The algorithm starts by padding the form, was used to detect errors in a file’s transmission. Now, incoming data to result in a file length that is divisible by 512 a hashing solution must do more than that – it needs to be bits. The algorithm then takes the data in 512-bit blocks. more secure. Hash algorithms today have to offer a minimum Each of these blocks is divided into sixteen 32-bit sub-blocks. level of security and assist in verifying the integrity of the data Each of these sub-blocks is then used to affect the 128-bit element. state variable (divided into four 32-bit variables - a, b, c, d) One use of a hash function is for a digital signature. As the that is used in the algorithm. In turn, the variables are primary reason for the design of hash functions, the data to be processed through four rounds of four different nonlinear signed is first ran through a hashing algorithm. This hashing functions. Completing the fourth round, the final state (a’, b’, algorithm reduces the data down to a manageable signature c’, d’) is added back to the original inputs from this round of element. This signature element is then passed to a signature the algorithm. After all of the data is processed, this 128-bit authority (ie RSA) to be digitally signed [8]. state variable remains. A second use of hashing is for Message Authentication This MD5 algorithm is significantly more secure than LM Codes (MAC). MACs are one-way hash functions with the as mentioned above due to the nonlinear functions and a faster addition of a secret key [1]. The only way to verify a MAC “avalanche” effect, yet is still vulnerable to compromise [1]. value is to have the secret key. In some MAC algorithms, the The key vulnerability for this algorithm lies in the length of its hashing and use of the key happen multiple times, adding an final hash. We’ll discuss this more as we revisit the Types of additional layer of protection [8]. Attacks in Section IV. A third use of hashing, and possibly the most uncommon, is The SHA-0/SHA-1 algorithms are very similar in operation as a Pseudo-random function. By running a data element as MD5 [1]. The incoming data is padded to create a final through a hashing algorithm, random-seeming bits are created. size that is divisible by 512-bits. This incoming data is once These can be used for generating cipher keying material after again divided into sixteen 32-bit sub-blocks. In this a Diffie-Hellman exchange [8]. algorithm, there is a 160-bit state variable (divided into five A fourth, and probably the most common use of hashing, is 32-bit variables – a, b, c, d, e). The algorithm consists of four data fingerprinting. By taking the data element and running it rounds of 20 operations each, using the state variable and the through a hashing algorithm, a “unique” identifier is created. incoming data as inputs. After all of the incoming data is This identifier can often be used to verify the integrity of the processed, the 160-bit state variable remains. file. If a file is modified, even slightly, the resulting hash of The SHA-0/SHA-1’s security comes from the use the the file will likely change quite drastically. A single bit resulting 160-bit hash (vs. MD5’s 128-bit hash), the addition change in a hashing algorithm input can sometimes impact of an expand transformation, and the use of the previous steps 50% of the resulting hash. output into the current step. This last feature provides for a faster “avalanche” effect [1]. Some SHA-1 vulnerabilities IV. TYPES OF ATTACKS have been found which will be discussed later in this paper. SHA-2 variants include SHA-224, SHA-256, SHA-384, Compromising the resulting hash of a data element is often and SHA-512. The incoming data is once-again divisible by the focus of many types of attacks on hashing algorithms.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    4 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us